HADOOP-11014. Potential resource leak in JavaKeyStoreProvider due to unclosed stream. (ozawa)

(cherry picked from commit b351086ff6)
2015-03-25 16:59:40 +09:00 · 2015-03-25 16:59:40 +09:00 · e4da690547
parent 77024aada9
commit e4da690547
3 changed files with 18 additions and 15 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -731,6 +731,9 @@ Release 2.7.0 - UNRELEASED
    HADOOP-11609. Correct credential commands info in
    CommandsManual.html#credential. (Varun Saxena via ozawa)

+    HADOOP-11014. Potential resource leak in JavaKeyStoreProvider due to
+    unclosed stream. (ozawa)
+
 Release 2.6.1 - UNRELEASED

  INCOMPATIBLE CHANGES
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
@ -22,6 +22,7 @@
 import org.apache.commons.io.IOUtils;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FSDataInputStream;
 import org.apache.hadoop.fs.FSDataOutputStream;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.FileSystem;
@ -303,9 +304,11 @@ private boolean isBadorWrongPassword(IOException ioe) {

  private FsPermission loadFromPath(Path p, char[] password)
      throws IOException, NoSuchAlgorithmException, CertificateException {
-    FileStatus s = fs.getFileStatus(p);
-    keyStore.load(fs.open(p), password);
-    return s.getPermission();
+    try (FSDataInputStream in = fs.open(p)) {
+      FileStatus s = fs.getFileStatus(p);
+      keyStore.load(in, password);
+      return s.getPermission();
+    }
  }

  private Path constructNewPath(Path path) {
@ -599,9 +602,8 @@ private void cleanupNewAndOld(Path newPath, Path oldPath) throws IOException {
  }

  protected void writeToNew(Path newPath) throws IOException {
-    FSDataOutputStream out =
-        FileSystem.create(fs, newPath, permissions);
-    try {
+    try (FSDataOutputStream out =
+        FileSystem.create(fs, newPath, permissions);) {
      keyStore.store(out, password);
    } catch (KeyStoreException e) {
      throw new IOException("Can't store keystore " + this, e);
@ -612,7 +614,6 @@ protected void writeToNew(Path newPath) throws IOException {
      throw new IOException(
          "Certificate exception storing keystore " + this, e);
    }
-    out.close();
  }

  protected boolean backupToOld(Path oldPath)
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java
@ -22,6 +22,7 @@
 import org.apache.commons.io.IOUtils;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FSDataInputStream;
 import org.apache.hadoop.fs.FSDataOutputStream;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.FileSystem;
@ -98,11 +99,8 @@ private JavaKeyStoreProvider(URI uri, Configuration conf) throws IOException {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        URL pwdFile = cl.getResource(pwFile);
        if (pwdFile != null) {
-          InputStream is = pwdFile.openStream();
-          try {
+          try (InputStream is = pwdFile.openStream()) {
            password = IOUtils.toString(is).trim().toCharArray();
-          } finally {
-            is.close();
          }
        }
      }
@ -110,6 +108,7 @@ private JavaKeyStoreProvider(URI uri, Configuration conf) throws IOException {
    if (password == null) {
      password = KEYSTORE_PASSWORD_DEFAULT.toCharArray();
    }
+
    try {
      keyStore = KeyStore.getInstance(SCHEME_NAME);
      if (fs.exists(path)) {
@ -118,7 +117,9 @@ private JavaKeyStoreProvider(URI uri, Configuration conf) throws IOException {
        FileStatus s = fs.getFileStatus(path);
        permissions = s.getPermission();

-        keyStore.load(fs.open(path), password);
+        try (FSDataInputStream in = fs.open(path)) {
+          keyStore.load(in, password);
+        }
      } else {
        permissions = new FsPermission("700");
        // required to create an empty keystore. *sigh*
@ -257,8 +258,7 @@ public void flush() throws IOException {
        return;
      }
      // write out the keystore
-      FSDataOutputStream out = FileSystem.create(fs, path, permissions);
-      try {
+      try (FSDataOutputStream out = FileSystem.create(fs, path, permissions)) {
        keyStore.store(out, password);
      } catch (KeyStoreException e) {
        throw new IOException("Can't store keystore " + this, e);
@ -268,7 +268,6 @@ public void flush() throws IOException {
        throw new IOException("Certificate exception storing keystore " + this,
            e);
      }
-      out.close();
      changed = false;
    }
    finally {